I see constant requests sent back to google network IP’s that are all subdomains of “1e100.net” and belong to Google, Inc. The requests use UDP 443 ports.
This happens on all new links visited and sometimes when you are browsing already opened sites.
All settings in Brave that could have send anything anywhere are turned off.
It’s weird for a supposedly privacy-oriented browser to constantly phone information back to Google!
Shouldn’t this Chromium feature been removed?
Hello, what software are you using to monitor the ports?
Firewall. It asks me every time there is a non-approved request.
Version 1.17.75 Chromium: 87.0.4280.88 (Official Build) (32-bit)
Do you mean Windows Defender firewall?
No, I use a different firewall software. It’s like Windows firewall, but it asks you about all new requests - if you want to approve them or not. Very useful.
My question was what software it is. I know Little Snitch for Mac, but I don’t know an equivalent for Windows. If you tell us its name, we could do a test.
Sorry, the firewall was long discontinued, you cannot install it anymore, but it’s still installed on my computer. You need to use some other tool that monitors network traffic to test it.
Now it connects to the same network of IP’s but using TCP 443.
The main problem is still - why does it connect to Google network at all?
Which websites are you browsing or are you just opening a blank new tab?
I changed the flags, relaunched Brave (with only this tab open) and I already see 3 connections to different subdomains of 1e1000.net.
Link to Post on Same Issue @ztrekr It looks like this isn’t just a brave thing. These people seem to have figured out how to disable it, I’m not quite sure at what cost to their web browsing experience but there are shell commands in the post that they claim disables it.
Yes, this seems to be the same on all Chromium browsers. I just wonder why Brave didn’t remove this?
Thanks for the link! I tried searching before posting here, but couldn’t find anything relevant…
Maybe @sampson have some information regarding this.
Well, guys, until this is removed from Brave - that’s not a browser for me 
Could you attach a screenshot?
@ztrekr,
A screenshot would be very useful. The team is digging into this right now – thank you for reporting and for your patience. Additionally, I noticed that you listed your current version as 1.17.75 – can you please ensure you update to the latest release (v1.18.78 at the time of writing this) by going to Menu --> About Brave?
This is quite odd; nothing in Brave’s source points to 1e100.net. I also don’t see anything in Chromium pointing there either. Are you positive it’s coming from Brave?
Can you navigate to about:version and share a screenshot of what you see there? Additionally, a list of extensions installed would be helpful.
If you’d like to do a bit more testing on your end, you could temporarily set aside your Brave profile directory and launch the browser with a fresh profile to see if the calls continue.
On Windows, you can find the Brave profile directory at %localappdata%/BraveSoftware/Brave-Browser. After you have closed Brave, you can rename that directory to Brave-Browser-Backup. Then launch the browser again; which results in a new “Brave Browser” folder being created. Monitor the network activity, and see if you observe the same calls.
I wouldn’t call this odd, as this seems to be the default behavior of any browser based on Chrome. I guess most people never have the chance to see these requests, because their firewalls don’t notify them. This is one of the reasons I don’t use modern browsers, based on Chrome engine.
I should probably mention that I am using the portable version of Brave, but I don’t think this is the reason - I see the same requests from other Chromium browsers. It’s the engine itself, not what you wrap it in.
If you manage to remove those requests, you will have an advantage over any other chrome-based browser.
